High-Profile Domains from Congo Defaced via Hack Attack on NIC


Congolese NIC hacked by TeaM MaDLeeTs

The Congo domains (.cd) for Amazon, Audi, AVG, BBC, BMW, Canon, DHL, eBay, Fujitsu, GoDaddy, Hitachi, Honda, IBM, Panasonic, Toshiba, Mercedes, Rolex, Samsung, T-Mobile, Volkswagen and many others have been defaced by hackers of TeaM MaDLeeTs.

In reality, many of these companies don’t even have a .cd domain. However, that doesn’t matter in this particular attack. The attackers breached the systems of the Congolese Network Information Centre (NIC) and modified DNS entries so that visitors to these domains would be redirected to their defacement page.

At the time of writing, the DNS records appear to have been restored. However, the hackers have published defacement mirrors as proof of the attack.

I’m trying to contact representatives of the Congolese NIC to see if they can provide any additional details on this attack. This post will be updated in case more information becomes available.

This isn’t the first time TeaM MaDLeeTs has used DNS poisoning to deface websites. Their latest target has been the Montenegro domain registrar .ME. In the attack against .ME, the hackers made it look as if they had hijacked 3,500 parked domains. In reality, they simply defaced the webpage to which parked domain names resolve.

While TeaM MaDLeeTs is often involved in hacktivist operations, they frequently target organizations just to demonstrate that their systems are not properly secured.
